Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Attackers Cashing In On Cryptocurrency With Increased Scams

As the popularity around cryptocurrency has continued to rise in 2018, it has also paved an easy path for cash-hungry scammers to launch “cryptocurrency giveaway scams.”

As the popularity around cryptocurrency has continued to boom in 2018, it has also tempting target for cash-hungry scammers to launch “cryptocurrency giveaway scams.”

Researchers at Proofpoint this week said they’ve observed a sharp rise in these scams, which target users of Ethereum and Bitcoin and typically request that victims send a small amount of the currency in exchange for a much larger payout in the same cryptocurrency.

The scams, which peaked in April, are an easy way for attackers to prey on the hype around cryptocurrency – with one observed scammer making away with more than $21,000, said Proofpoint.

“The success of this scam shows that threat actors continue to look for new ways to exploit the human factor – and people are inclined to fall for scams that can net them hot commodities like cryptocurrencies,” wrote Proofpoint in a post about the scam on Wednesday.

These scams typically start with a tweet or an email, which entice potential victims to send cryptocurrency to a wallet with the promise that more will be sent back. These tweets may say things like “There’s an ongoing promotion by Ethereum that just started! I also wanted to share this awesome news! I’ve personally received 92 ETH after just sending 9.2 ETH!”

As scammers lay the social engineering groundwork, they will also develop fake Twitter accounts impersonating exchanges, developers, and celebrities to try to further prompt users to click.

When a user clicks the link or enters the URL from the image, they are generally taken to a landing page prompting them to send a certain amount of cryptocurrency to a payment address.

The template attempts to establish legitimacy by showing a number of fake transactions, falsely suggesting that large amounts of coins are being sent back to those who send small amounts of coins to the scammer’s wallet, researchers said.

Interestingly, “In other cases, scammers do not promise rewards but instead emulate crowdfunding models, as in … a page promising to help free Julian Assange,” according to Proofpoint.

The scam is reportedly working. When researchers investigated some of the wallet addresses associated with the scam, they found that “some of them are growing and do not reflect the ‘giveaway’ nature of the intended interaction.” Typically, a scammer will also use a new wallet for each scam – but researchers said they also observed some reuse.

In one case, researchers followed an Ethereum wallet that appeared 10 times in their data. The scammer dumped the wallet on May 5, collecting a fairly hefty amount of $21,700 in earnings.

“Searching through the wallet transactions, it appears that the actors may have better luck phishing with Ethereum as opposed to Bitcoin,” said researchers.

Proofpoint said they would continue to monitor these scams given the rebounding cryptocurrency values. Meanwhile, users should keep a keen eye out for these types of scams.

“As with most of these scams, if it seems to good to be true, it probably is, but the appeal of nearly-free cryptocurrency and new approaches to social engineering, primarily via hijacked conversations on social media platforms, are proving too tempting for many users,” they said.

Discussion

Yes, as we all know there are manyscams going on with related to cryptocurrencies. And this should be stopped and people also need to be aware. Keep sharing blogs like this so that people get to know. Thanks. Keep Posting.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.